No DNS resolution of private IP addresses

The FRITZ!Box cannot be used for DNS resolution of domain names that point to private IP addresses in the FRITZ!Box home network. This means that the domain name cannot be used to access server services in the FRITZ!Box home network. One of the following error messages may be displayed:

"DNS timed out"

"DNS request timed out"

Example:A computer in the FRITZ!Box home network (192.168.178.29) cannot access a web server in the same home network because the DNS request for this web server (my_domain.de) is answered with an IP address in the same home network (192.168.178.20).

Cause

To guarantee the security of the computers in the FRITZ!Box home network, the FRITZ!Box suppresses DNS responses that point to IP addresses in the home network. This is a security function of the FRITZ!Box to protect against what are known as "DNS rebinding attacks".

Important:Some of the settings described here are only displayed if the advanced view is enabled in the user interface. The configuration procedure and notes on functions given in this guide refer to the latest FRITZ!OS.

1 Configuring the FRITZ!Box

In the "Domain name exceptions" field, enter the name of the domain (for example my_domain) for which DNS rebind protection should not apply. If you would like to enter several domain names as exceptions, separate the domain names from each other with a line break.

Click "Apply" to save your settings.

Now DNS requests for domain names contained in the list of exceptions will receive a response even if the DNS response points to an IP address in the FRITZ!Box home network.

Important:If you enter exceptions for DNS rebind protection in the FRITZ!Box, the Internet connection should be monitored with security software (for example a firewall, virus scanner) on every computer in the home network.